Google is alerting users when it turns up evidence of a certain type of malware in their systems in the form of warnings delivered with search results. The service is meant to provide an extra layer of protection. It is not comprehensive, and it is in no way meant to replace antivirus software, the company emphasized. Still, it could make a real difference among certain users, such as those who take malware protection too lightly.

Google is stepping up its efforts to improve computer security by adding warnings to users’ search results when it suspects their systems might be compromised by a certain type of malware.

Up to now, Google’s security efforts have focused on the Chrome browser and the Android Market. These new alerts are not intended to be a comprehensive solution — users must still be responsible for their machines’ safety.

“This is not a replacement for antivirus software,” said Google spokesperson Jay Nancarrow. “We are only notifying users whose machines are infected with a specific piece of malware. Users should install antivirus to clean their machines and protect themselves from other threats.”

Another Layer of Security

Google’s description of what it is doing indicates that it can only detect an already-infected machine and alert the user to the potential problem, noted Adam Wosotowsky, McAfee senior research analyst.

“Users still need to have an antivirus tool to clean their box, as well as prevent it from becoming infected in the first place,” he told TechNewsWorld.

Still, the service could make a real difference among certain users, such as people who tend to ignore security or who keep their AV settings as loose as possible, Paul Paget, president of Savant Protection, told TechNewsWorld.

“This is a crowd that generally needs hand-holding and any assistance Google can provide, to point them in a secure direction, is another layer of needed security for the many Web users who are responsible for spreading the majority of infections,” Robert Siciliano, CEO of IDTheftSecurity.com, told TechNewsWorld.

Unusual Patterns

Google detected a certain type of malware after noting unusual patterns of activity in search traffic while performing routine maintenance at one of its data centers.

It eventually determined that the computers exhibiting the odd behavior were infected with a particular strain of malicious software that causes infected computers to send traffic to Google through a small number of proxy servers.

Google is embedding the warning directly atop users’ search results, so people will realize it is a message from Google and not a hack attempt to direct users to a corrupted site.

Not that malware writers couldn’t circumvent that — but it would be highly difficult, Chris Larsen, senior malware researcher for Blue Coat Systems, told TechNewsWorld.

Also, it would be possible for a hacker to mimic an entire Google SERP, he added.

“I’ve seen examples of fake Google SERPs — used in pharma-scams, for example — that include a bogus version of the banner with a link to fake AV,” said Larsen.

“We saw something similar happen when Firefox began partnering with Google to display warning pages about potentially dangerous websites,” he added. Hackers began using fake versions of these pages as their “pop-up” pages to introduce a fake AV attack.

On balance, though, “this is a wonderful step for Google to take,” Larsen concluded.

What’s in It for Google?

That “wonderful step” is also a self-serving one, Joe Silverman, CEO of New York Computer Help, told TechNewsWorld. “Viruses and spyware have been jamming up the Google data centers. Such traffic makes the overall search experience slower for some sets of users.”

Also, Google’s warnings are geared specifically toward Windows computers — not Macs, he added. “Google is no dummy. Why go after Macs when they barely get any viruses?”

At least Google is making an effort to help stem the flow of malware and criminal activity that is associated with malware, Andy Hayter, anti-malcode manager at ICSA Labs, told TechNewsWorld.

“Hopefully, this type of effort can be duplicated by other search engines,” he said, “furthering the prevention of malware.”